Add Kconfig descriptions for Chaostables, ECHO, geoip

extensions/xt_CHAOS.Kconfig

@@ -0,0 +1,9 @@
+config NETFILTER_XT_TARGET_CHAOS
+	tristate '"CHAOS" target support'
+	depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
+	depends on NETFILTER_XT_TARGET_DELUDE || NETFILTER_XT_TARGET_TARPIT
+	depends on CONFIG_IP_NF_TARGET_REJECT
+	---help---
+	The CHAOS target is a module to report back false results to nmap
+	scans by randomly switching between DELUDE/TARPIT, REJECT and DROP
+	behavior.

extensions/xt_DELUDE.Kconfig

@@ -0,0 +1,6 @@
+config NETFILTER_XT_TARGET_DELUDE
+	tristate '"DELUDE" target support'
+	depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
+	---help---
+	The DELUDE target acknowledges connection initiations but forcibly
+	closes on any other packet, therefore making the port look open.

extensions/xt_ECHO.Kconfig

@@ -0,0 +1,6 @@
+config NETFILTER_XT_TARGET_ECHO
+	tristate '"ECHO" sample target'
+	depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
+	---help---
+	The ECHO target provides a demonstrational implementation of an
+	Xtables target implementing RFC 862 for UDP.

extensions/xt_geoip.Kconfig

@@ -0,0 +1,10 @@
+config NETFILTER_XT_MATCH_GEOIP
+	tristate '"geoip" match support'
+	depends on NETFILTER_XTABLES
+	---help---
+	This option allows you to match a packet by its source or destination
+	country. Basically, you need a country's database containing all
+	subnets and associated countries.
+
+	For the complete procedure and understanding, read:
+	http://people.netfilter.org/acidfu/geoip/howto/geoip-HOWTO.html

extensions/xt_portscan.Kconfig

@@ -0,0 +1,8 @@
+config NETFILTER_XT_MATCH_PORTSCAN
+	tristate '"portscan" target support'
+	depends on NETFILTER_XTABLES && NETFILTER_ADVANCED
+	---help---
+	The portscan match allows to match on the basic types of nmap
+	scans: Stealth Scan, SYN scan and connect scan. It can also match
+	"grab-only" connections, i.e. where data flows in only one
+	direction.